Elasticsearch-js: Not able to query with reserved characters

Created on 29 Dec 2016  路  5Comments  路  Source: elastic/elasticsearch-js

I'm using the following query string.

query_string : {
fields : ["field1", "field2"],
query : "*testing\(*"
}

But getting the following error:

"msg": "[query_parsing_exception] Failed to parse query [testing(], with { index=someindex line=1 col=166 }",
"path": "/somepath",
"query": {},
"body": "{\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"fields\":[\"buildName\",\"programName\",\"sites\",\"taskName\",\"assignedTo\",\"currentStatus\",\"name\",\"dueDate\"],\"query\":\"testing(\"}},{\"missing\":{\"field\":\"deleted\"}}],\"must_not\":{\"match\":{\"currentStatus\":\"Completed\"}}}},\"from\":0,\"size\":\"10\",\"sort\":[{\"dueDate\":{\"order\":\"asc\"}}]}",
"statusCode": 400,
"response": "{\"error\":{\"root_cause\":[{\"type\":\"query_parsing_exception\",\"reason\":\"Failed to parse query [testing(]\",\"index\":\"someindex\",\"line\":1,\"col\":166}],\"type\":\"search_phase_execution_exception\",\"reason\":\"all shards failed\",\"phase\":\"query\",\"grouped\":true,\"failed_shards\":[{\"shard\":0,\"index\":\"someindex\",\"node\":\"0v5EQ99oRWeZfN0WIU59wA\",\"reason\":{\"type\":\"query_parsing_exception\",\"reason\":\"Failed to parse query [testing(]\",\"index\":\"someindex\",\"line\":1,\"col\":166,\"caused_by\":{\"type\":\"parse_exception\",\"reason\":\"Cannot parse 'testing(': Encountered \\"\\" at line 1, column 10.\nWas expecting one of:\n ...\n ...\n ...\n \\"+\\" ...\n \\"-\\" ...\n ...\n \\"(\\" ...\n \\")\\" ...\n \\"\\" ...\n \\"^\\" ...\n ...\n ...\n ...\n ...\n ...\n ...\n \\"[\\" ...\n \\"{\\" ...\n ...\n \",\"caused_by\":{\"type\":\"parse_exception\",\"reason\":\"Encountered \\"\\" at line 1, column 10.\nWas expecting one of:\n ...\n ...\n ...\n \\"+\\" ...\n \\"-\\" ...\n ...\n \\"(\\" ...\n \\")\\" ...\n \\"\\" ...\n \\"^\\" ...\n ...\n ...\n ...\n ...\n ...\n ...\n \\"[\\" ...\n \\"{\\" ...\n ...\n \"}}}}]},\"status\":400}"
}

I've used "\" to escape the special character "(". Can't I use special characters with wildcards?
Any suggestions?

Most helpful comment

@kaustav1992 I just ran into this need and built this function to escape user-provided values going into query_string. I think it's what you were asking for.

function sanitizeValue(value) {
  return value
    .replace(/[<>]/g, ``)
    .replace(/([+-=&|><!(){}[\]^"~*?:\\/])/g, '\\$1')
}

All 5 comments

Not sure @kaustav1992, but you'll get a lot more help asking this question at the elasticsearch user forums

@kaustav1992 I just ran into this need and built this function to escape user-provided values going into query_string. I think it's what you were asking for.

function sanitizeValue(value) {
  return value
    .replace(/[<>]/g, ``)
    .replace(/([+-=&|><!(){}[\]^"~*?:\\/])/g, '\\$1')
}

@spalger This is needed when you're hand-rolling queries like foo.bar.baz:${ sanitized(value) } AND foo.bar.bat:${ sanitized(example) } where value and example are user-provided and might result in malformed queries pretty easily. I don't think it belongs in elasticsearch-js unless we provide it as some sort of helper as-is, but it definitely should be somewhere. I'm certain/hopeful Kibana does this in a few places

Kibana should only be using the JSON search DSL when consuming user input.

client.search({
  body: {
    query: {
      bool: {
        must: [
          { term: { "foo.bar.baz": value } },
          { term: { "foo.bar.bat": example } }
        ]
      }
    }
  }
})
Was this page helpful?
0 / 5 - 0 ratings

Related issues

peshrawahmed picture peshrawahmed  路  3Comments

shenieee09 picture shenieee09  路  4Comments

ablakey picture ablakey  路  4Comments

lamontadams picture lamontadams  路  4Comments

JrSchild picture JrSchild  路  5Comments